Reposting official announcement on behalf of Robyn Bergeron:
Hello again, Fedora community.
This is an update on Fedora’s response to CVE-2014-0160 (aka “Heartbleed”). This is a critical security vulnerability that requires your immediate attention.
Updates are now available, and are being pushed to our mirror network. The update announcements for Fedora 19 and Fedora 20 are available at:
- [SECURITY] Fedora 19 Update: openssl-1.0.1e-37.fc19.1
- [SECURITY] Fedora 20 Update: openssl-1.0.1e-37.fc20.1
Apply updates with
sudo yum upgrade openssl openssl-libs
or with your graphical package manager.
After applying the update, please make sure to restart all services which use OpenSSL. You may find it easiest to simply restart your system. However, if you prefer, you may restart any affected services manually. You can get an overview of programs that need to be restarted by using the command line tool
(This is included in the yum-utils package.) Restart all listed programs until the output of needs-restarting is empty.
The Fedora Cloud images linked at https://fedoraproject.org/en/get-fedora#cloud have been recreated with the updated packages preinstalled.
Fixes have been applied to servers used in Fedora infrastructure and we are investigating any further remediation which may be necessary.
Special thanks to Robert Mayr, Kévin Raymond, Dennis Gilmore, Matthew Miller, Paul Frields, Major Hayden, Kurt Seifried, Kevin Fenzi, William Brown, Nick Bebout, Adam Williamson, Joachim Backes, Pádraig Brady, Lokesh Mandvekar, David Strauss, Joop Braak, Michael Cronenworth, Till Maas, Luke Macken, and others for effort in making these updates available quickly.
– Robyn Bergeron